P 660hw
by Zyxel
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6016 | Cri | 0.64 | 9.8 | 0.06 | Dec 31, 2015 | ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors. | ||
| CVE-2018-5330 | Hig | 0.49 | 7.5 | 0.02 | Jan 16, 2018 | ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets. | ||
| CVE-2017-17901 | Hig | 0.49 | 7.5 | 0.02 | Dec 29, 2017 | ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. | ||
| CVE-2015-6017 | Med | 0.40 | 6.1 | 0.02 | Dec 31, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter. | ||
| CVE-2014-4162 | 0.03 | — | 0.03 | Jun 16, 2014 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLAN_General_1. | |||
| CVE-2019-6725 | 0.00 | — | 0.02 | May 31, 2019 | The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. After accessing the page, the admin user's password can be obtained by viewing the HTML source code, and the interface of the modem can be accessed as admin. | |||
| CVE-2013-3588 | 0.00 | — | 0.02 | Apr 2, 2014 | The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets. | |||
| CVE-2008-1257 | 0.00 | — | 0.02 | Mar 10, 2008 | Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ZyXEL P-660HW series router allows remote attackers to inject arbitrary web script or HTML via the PingIPAddr parameter. | |||
| CVE-2008-1256 | 0.00 | — | 0.03 | Mar 10, 2008 | The ZyXEL P-660HW series router has "admin" as its default password, which allows remote attackers to gain administrative access. | |||
| CVE-2008-1254 | 0.00 | — | 0.01 | Mar 10, 2008 | Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXEL P-660HW series router allow remote attackers to (1) change DNS servers and (2) add keywords to the "bannedlist" via unspecified vectors. | |||
| CVE-2008-1255 | 0.00 | — | 0.04 | Mar 10, 2008 | The ZyXEL P-660HW series router maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user. |
- risk 0.64cvss 9.8epss 0.06
ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors.
- risk 0.49cvss 7.5epss 0.02
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets.
- risk 0.49cvss 7.5epss 0.02
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1.
- risk 0.40cvss 6.1epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter.
- CVE-2014-4162Jun 16, 2014risk 0.03cvss —epss 0.03
Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLAN_General_1.
- CVE-2019-6725May 31, 2019risk 0.00cvss —epss 0.02
The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. After accessing the page, the admin user's password can be obtained by viewing the HTML source code, and the interface of the modem can be accessed as admin.
- CVE-2013-3588Apr 2, 2014risk 0.00cvss —epss 0.02
The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets.
- CVE-2008-1257Mar 10, 2008risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ZyXEL P-660HW series router allows remote attackers to inject arbitrary web script or HTML via the PingIPAddr parameter.
- CVE-2008-1256Mar 10, 2008risk 0.00cvss —epss 0.03
The ZyXEL P-660HW series router has "admin" as its default password, which allows remote attackers to gain administrative access.
- CVE-2008-1254Mar 10, 2008risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXEL P-660HW series router allow remote attackers to (1) change DNS servers and (2) add keywords to the "bannedlist" via unspecified vectors.
- CVE-2008-1255Mar 10, 2008risk 0.00cvss —epss 0.04
The ZyXEL P-660HW series router maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user.